当前位置: 动力学知识库 > 问答 > 编程问答 >

c# - ADFS login error when Session varialbles used in MVC

问题描述:

I am getting this error when I use Session variable and I do the following:

1) Log in via ADFS and access the application

2) Do operations

3) Close all browser sessions. (Happens both in IE and Chrome)

4) I try to log in via ADFS again and it redirects about 4 times and it throws the error.

IIS has to be restarted to get the application working since it affects the application globally. None of the users can access it once this error occurs.

I narrowed it down to Session variables, even if I use TempData, ViewBag, ViewData it gives the error. If I remove the Session variables it works, it doesn't give me the error.

Any ideas why Session Variables are causing the error?

[HttpPost]

[ValidateAntiForgeryToken]

//Gets called on button clicked

public ActionResult SaveDoc()

{

Session["myList"] = bpc.UploadDocument(dto);

return Json(new { success = true, redirectToUrl = Url.Action("Summary") });

}

public ActionResult Summary()

{

return View();

}

[HttpPost]

public ActionResult GetResults_List([DataSourceRequest]DataSourceRequest request, CloudDTO dto)

{

var getResults = (List<SampleList>)Session["myList"];

return Json(getResults.ToDataSourceResult(request), JsonRequestBehavior.AllowGet);

}

Client Side

function btnSubmitClick() {

displaySpinner(true);

$.ajax({

url: '@Url.Action("SaveDoc", "Home")',

datatype: 'json',

data: {

__RequestVerificationToken: $('[name=__RequestVerificationToken]').val(),

URL: value,

CloudProvider: $("#cloudProvider").data("kendoDropDownList").text(),

},

type: "POST"

}).success(function (data) {

if (data.success) {

//On success we go to the Summary page.

window.location.href = data.redirectToUrl;

}

else {

//Error Message to user.

$("#validationMessage").html(data.message);

}

})

.done(function () {

displaySpinner(false);

});

网友答案:

I was having the exact same issue and I also realised it was down to the use of Session Variables.

The reason it is happening is because the Session Variables interfere with the cookie set by the Owin response headers. The workaround to this issue is to create a custom cookie manager. This resolved the issue for me

This Microsoft article explains the issue and also provides code samples for creating a custom cookie manager: https://blogs.msdn.microsoft.com/dsnotes/2016/08/25/owin-cookies-signin-error-with-ad-fs/

分享给朋友:
您可能感兴趣的文章:
随机阅读: